search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:libsmb: make use of get_cmdline_auth_info_* helper functions in get_ipc_connect()
[Samba.git] / source3 / smbd / filename.c
blob7062060bcf4b854ba767a4245b82482dd017a4ad
1 /*
2 Unix SMB/CIFS implementation.
3 filename handling routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 1999-2007
6 Copyright (C) Ying Chen 2000
7 Copyright (C) Volker Lendecke 2007
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 /*
24 * New hash table stat cache code added by Ying Chen.
25 */
26
27 #include "includes.h"
28 #include "system/filesys.h"
29 #include "fake_file.h"
30 #include "smbd/smbd.h"
31 #include "smbd/globals.h"
32
33 static NTSTATUS build_stream_path(TALLOC_CTX *mem_ctx,
34 connection_struct *conn,
35 struct smb_filename *smb_fname);
36
37 /****************************************************************************
38 Mangle the 2nd name and check if it is then equal to the first name.
39 ****************************************************************************/
40
41 static bool mangled_equal(const char *name1,
42 const char *name2,
43 const struct share_params *p)
44 {
45 char mname[13];
46
47 if (!name_to_8_3(name2, mname, False, p)) {
48 return False;
49 }
50 return strequal(name1, mname);
51 }
52
53 /****************************************************************************
54 Cope with the differing wildcard and non-wildcard error cases.
55 ****************************************************************************/
56
57 static NTSTATUS determine_path_error(const char *name,
58 bool allow_wcard_last_component,
59 bool posix_pathnames)
60 {
61 const char *p;
62 bool name_has_wild = false;
63
64 if (!allow_wcard_last_component) {
65 /* Error code within a pathname. */
66 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
67 }
68
69 /* We're terminating here so we
70 * can be a little slower and get
71 * the error code right. Windows
72 * treats the last part of the pathname
73 * separately I think, so if the last
74 * component is a wildcard then we treat
75 * this ./ as "end of component" */
76
77 p = strchr(name, '/');
78
79 if (!posix_pathnames) {
80 name_has_wild = ms_has_wild(name);
81 }
82
83 if (!p && (name_has_wild || ISDOT(name))) {
84 /* Error code at the end of a pathname. */
85 return NT_STATUS_OBJECT_NAME_INVALID;
86 } else {
87 /* Error code within a pathname. */
88 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
89 }
90 }
91
92 static NTSTATUS check_for_dot_component(const struct smb_filename *smb_fname)
93 {
94 /* Ensure we catch all names with in "/."
95 this is disallowed under Windows and
96 in POSIX they've already been removed. */
97 const char *p = strstr(smb_fname->base_name, "/."); /*mb safe*/
98 if (p) {
99 if (p[2] == '/') {
100 /* Error code within a pathname. */
101 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
102 } else if (p[2] == '\0') {
103 /* Error code at the end of a pathname. */
104 return NT_STATUS_OBJECT_NAME_INVALID;
105 }
106 }
107 return NT_STATUS_OK;
108 }
109
110 /****************************************************************************
111 Optimization for common case where the missing part
112 is in the last component and the client already
113 sent the correct case.
114 Returns NT_STATUS_OK to mean continue the tree walk
115 (possibly with modified start pointer).
116 Any other NT_STATUS_XXX error means terminate the path
117 lookup here.
118 ****************************************************************************/
119
120 static NTSTATUS check_parent_exists(TALLOC_CTX *ctx,
121 connection_struct *conn,
122 bool posix_pathnames,
123 const struct smb_filename *smb_fname,
124 char **pp_dirpath,
125 char **pp_start)
126 {
127 struct smb_filename parent_fname;
128 const char *last_component = NULL;
129 NTSTATUS status;
130 int ret;
131 bool parent_fname_has_wild = false;
132
133 ZERO_STRUCT(parent_fname);
134 if (!parent_dirname(ctx, smb_fname->base_name,
135 &parent_fname.base_name,
136 &last_component)) {
137 return NT_STATUS_NO_MEMORY;
138 }
139
140 if (!posix_pathnames) {
141 parent_fname_has_wild = ms_has_wild(parent_fname.base_name);
142 }
143
144 /*
145 * If there was no parent component in
146 * smb_fname->base_name of the parent name
147 * contained a wildcard then don't do this
148 * optimization.
149 */
150 if ((smb_fname->base_name == last_component) ||
151 parent_fname_has_wild) {
152 return NT_STATUS_OK;
153 }
154
155 if (posix_pathnames) {
156 ret = SMB_VFS_LSTAT(conn, &parent_fname);
157 } else {
158 ret = SMB_VFS_STAT(conn, &parent_fname);
159 }
160
161 /* If the parent stat failed, just continue
162 with the normal tree walk. */
163
164 if (ret == -1) {
165 return NT_STATUS_OK;
166 }
167
168 status = check_for_dot_component(&parent_fname);
169 if (!NT_STATUS_IS_OK(status)) {
170 return status;
171 }
172
173 /* Parent exists - set "start" to be the
174 * last component to shorten the tree walk. */
175
176 /*
177 * Safe to use discard_const_p
178 * here as last_component points
179 * into our smb_fname->base_name.
180 */
181 *pp_start = discard_const_p(char, last_component);
182
183 /* Update dirpath. */
184 TALLOC_FREE(*pp_dirpath);
185 *pp_dirpath = talloc_strdup(ctx, parent_fname.base_name);
186 if (!*pp_dirpath) {
187 return NT_STATUS_NO_MEMORY;
188 }
189
190 DEBUG(5,("check_parent_exists: name "
191 "= %s, dirpath = %s, "
192 "start = %s\n",
193 smb_fname->base_name,
194 *pp_dirpath,
195 *pp_start));
196
197 return NT_STATUS_OK;
198 }
199
200 /****************************************************************************
201 This routine is called to convert names from the dos namespace to unix
202 namespace. It needs to handle any case conversions, mangling, format changes,
203 streams etc.
204
205 We assume that we have already done a chdir() to the right "root" directory
206 for this service.
207
208 The function will return an NTSTATUS error if some part of the name except for
209 the last part cannot be resolved, else NT_STATUS_OK.
210
211 Note NT_STATUS_OK doesn't mean the name exists or is valid, just that we
212 didn't get any fatal errors that should immediately terminate the calling SMB
213 processing whilst resolving.
214
215 If the UCF_SAVE_LCOMP flag is passed in, then the unmodified last component
216 of the pathname is set in smb_filename->original_lcomp.
217
218 If UCF_ALWAYS_ALLOW_WCARD_LCOMP is passed in, then a MS wildcard was detected
219 and should be allowed in the last component of the path only.
220
221 If the orig_path was a stream, smb_filename->base_name will point to the base
222 filename, and smb_filename->stream_name will point to the stream name. If
223 orig_path was not a stream, then smb_filename->stream_name will be NULL.
224
225 On exit from unix_convert, the smb_filename->st stat struct will be populated
226 if the file exists and was found, if not this stat struct will be filled with
227 zeros (and this can be detected by checking for nlinks = 0, which can never be
228 true for any file).
229 ****************************************************************************/
230
231 NTSTATUS unix_convert(TALLOC_CTX *ctx,
232 connection_struct *conn,
233 const char *orig_path,
234 struct smb_filename **smb_fname_out,
235 uint32_t ucf_flags)
236 {
237 struct smb_filename *smb_fname = NULL;
238
239 /*
240 * This looks strange. But we need "start" initialized to "" here but
241 * it can't be a const char *, so 'char *start = "";' does not work.
242 */
243 char cnull = '\0';
244 char *start = &cnull;
245
246 char *end;
247 char *dirpath = NULL;
248 char *stream = NULL;
249 bool component_was_mangled = False;
250 bool name_has_wildcard = False;
251 bool posix_pathnames = (ucf_flags & UCF_POSIX_PATHNAMES);
252 bool allow_wcard_last_component =
253 (ucf_flags & UCF_ALWAYS_ALLOW_WCARD_LCOMP);
254 bool save_last_component = ucf_flags & UCF_SAVE_LCOMP;
255 NTSTATUS status;
256 int ret = -1;
257
258 *smb_fname_out = NULL;
259
260 smb_fname = talloc_zero(ctx, struct smb_filename);
261 if (smb_fname == NULL) {
262 return NT_STATUS_NO_MEMORY;
263 }
264
265 if (conn->printer) {
266 /* we don't ever use the filenames on a printer share as a
267 filename - so don't convert them */
268 if (!(smb_fname->base_name = talloc_strdup(smb_fname,
269 orig_path))) {
270 status = NT_STATUS_NO_MEMORY;
271 goto err;
272 }
273 goto done;
274 }
275
276 smb_fname->flags = posix_pathnames ? SMB_FILENAME_POSIX_PATH : 0;
277
278 DEBUG(5, ("unix_convert called on file \"%s\"\n", orig_path));
279
280 /*
281 * Conversion to basic unix format is already done in
282 * check_path_syntax().
283 */
284
285 /*
286 * Names must be relative to the root of the service - any leading /.
287 * and trailing /'s should have been trimmed by check_path_syntax().
288 */
289
290 #ifdef DEVELOPER
291 SMB_ASSERT(*orig_path != '/');
292 #endif
293
294 /*
295 * If we trimmed down to a single '\0' character
296 * then we should use the "." directory to avoid
297 * searching the cache, but not if we are in a
298 * printing share.
299 * As we know this is valid we can return true here.
300 */
301
302 if (!*orig_path) {
303 if (!(smb_fname->base_name = talloc_strdup(smb_fname, "."))) {
304 status = NT_STATUS_NO_MEMORY;
305 goto err;
306 }
307 if (SMB_VFS_STAT(conn, smb_fname) != 0) {
308 status = map_nt_error_from_unix(errno);
309 goto err;
310 }
311 DEBUG(5, ("conversion finished \"\" -> %s\n",
312 smb_fname->base_name));
313 goto done;
314 }
315
316 if (orig_path[0] == '.' && (orig_path[1] == '/' ||
317 orig_path[1] == '\0')) {
318 /* Start of pathname can't be "." only. */
319 if (orig_path[1] == '\0' || orig_path[2] == '\0') {
320 status = NT_STATUS_OBJECT_NAME_INVALID;
321 } else {
322 status =determine_path_error(&orig_path[2],
323 allow_wcard_last_component,
324 posix_pathnames);
325 }
326 goto err;
327 }
328
329 /* Start with the full orig_path as given by the caller. */
330 if (!(smb_fname->base_name = talloc_strdup(smb_fname, orig_path))) {
331 DEBUG(0, ("talloc_strdup failed\n"));
332 status = NT_STATUS_NO_MEMORY;
333 goto err;
334 }
335
336 /*
337 * Large directory fix normalization. If we're case sensitive, and
338 * the case preserving parameters are set to "no", normalize the case of
339 * the incoming filename from the client WHETHER IT EXISTS OR NOT !
340 * This is in conflict with the current (3.0.20) man page, but is
341 * what people expect from the "large directory howto". I'll update
342 * the man page. Thanks to jht@samba.org for finding this. JRA.
343 */
344
345 if (conn->case_sensitive && !conn->case_preserve &&
346 !conn->short_case_preserve) {
347 if (!strnorm(smb_fname->base_name, lp_default_case(SNUM(conn)))) {
348 DEBUG(0, ("strnorm %s failed\n", smb_fname->base_name));
349 status = NT_STATUS_INVALID_PARAMETER;
350 goto err;
351 }
352 }
353
354 /*
355 * Ensure saved_last_component is valid even if file exists.
356 */
357
358 if(save_last_component) {
359 end = strrchr_m(smb_fname->base_name, '/');
360 if (end) {
361 smb_fname->original_lcomp = talloc_strdup(smb_fname,
362 end + 1);
363 } else {
364 smb_fname->original_lcomp =
365 talloc_strdup(smb_fname, smb_fname->base_name);
366 }
367 if (smb_fname->original_lcomp == NULL) {
368 status = NT_STATUS_NO_MEMORY;
369 goto err;
370 }
371 }
372
373 /*
374 * Strip off the stream, and add it back when we're done with the
375 * base_name.
376 */
377 if (!posix_pathnames) {
378 stream = strchr_m(smb_fname->base_name, ':');
379
380 if (stream != NULL) {
381 char *tmp = talloc_strdup(smb_fname, stream);
382 if (tmp == NULL) {
383 status = NT_STATUS_NO_MEMORY;
384 goto err;
385 }
386 /*
387 * Since this is actually pointing into
388 * smb_fname->base_name this truncates base_name.
389 */
390 *stream = '\0';
391 stream = tmp;
392
393 if (smb_fname->base_name[0] == '\0') {
394 /*
395 * orig_name was just a stream name.
396 * This is a stream on the root of
397 * the share. Replace base_name with
398 * a "."
399 */
400 smb_fname->base_name =
401 talloc_strdup(smb_fname, ".");
402 if (smb_fname->base_name == NULL) {
403 status = NT_STATUS_NO_MEMORY;
404 goto err;
405 }
406 if (SMB_VFS_STAT(conn, smb_fname) != 0) {
407 status = map_nt_error_from_unix(errno);
408 goto err;
409 }
410 /* dirpath must exist. */
411 dirpath = talloc_strdup(ctx,"");
412 if (dirpath == NULL) {
413 status = NT_STATUS_NO_MEMORY;
414 goto err;
415 }
416 DEBUG(5, ("conversion finished %s -> %s\n",
417 orig_path,
418 smb_fname->base_name));
419 goto done;
420 }
421 }
422 }
423
424 start = smb_fname->base_name;
425
426 /*
427 * If we're providing case insensitive semantics or
428 * the underlying filesystem is case insensitive,
429 * then a case-normalized hit in the stat-cache is
430 * authoratitive. JRA.
431 *
432 * Note: We're only checking base_name. The stream_name will be
433 * added and verified in build_stream_path().
434 */
435
436 if((!conn->case_sensitive || !(conn->fs_capabilities &
437 FILE_CASE_SENSITIVE_SEARCH)) &&
438 stat_cache_lookup(conn, posix_pathnames, &smb_fname->base_name, &dirpath, &start,
439 &smb_fname->st)) {
440 goto done;
441 }
442
443 /*
444 * Make sure "dirpath" is an allocated string, we use this for
445 * building the directories with talloc_asprintf and free it.
446 */
447
448 if ((dirpath == NULL) && (!(dirpath = talloc_strdup(ctx,"")))) {
449 DEBUG(0, ("talloc_strdup failed\n"));
450 status = NT_STATUS_NO_MEMORY;
451 goto err;
452 }
453
454 /*
455 * If we have a wildcard we must walk the path to
456 * find where the error is, even if case sensitive
457 * is true.
458 */
459
460 if (!posix_pathnames) {
461 /* POSIX pathnames have no wildcards. */
462 name_has_wildcard = ms_has_wild(smb_fname->base_name);
463 if (name_has_wildcard && !allow_wcard_last_component) {
464 /* Wildcard not valid anywhere. */
465 status = NT_STATUS_OBJECT_NAME_INVALID;
466 goto fail;
467 }
468 }
469
470 DEBUG(5,("unix_convert begin: name = %s, dirpath = %s, start = %s\n",
471 smb_fname->base_name, dirpath, start));
472
473 if (!name_has_wildcard) {
474 /*
475 * stat the name - if it exists then we can add the stream back (if
476 * there was one) and be done!
477 */
478
479 if (posix_pathnames) {
480 ret = SMB_VFS_LSTAT(conn, smb_fname);
481 } else {
482 ret = SMB_VFS_STAT(conn, smb_fname);
483 }
484
485 if (ret == 0) {
486 status = check_for_dot_component(smb_fname);
487 if (!NT_STATUS_IS_OK(status)) {
488 goto fail;
489 }
490 /* Add the path (not including the stream) to the cache. */
491 stat_cache_add(orig_path, smb_fname->base_name,
492 conn->case_sensitive);
493 DEBUG(5,("conversion of base_name finished %s -> %s\n",
494 orig_path, smb_fname->base_name));
495 goto done;
496 }
497
498 /* Stat failed - ensure we don't use it. */
499 SET_STAT_INVALID(smb_fname->st);
500
501 if (errno == ENOENT) {
502 /* Optimization when creating a new file - only
503 the last component doesn't exist.
504 NOTE : check_parent_exists() doesn't preserve errno.
505 */
506 int saved_errno = errno;
507 status = check_parent_exists(ctx,
508 conn,
509 posix_pathnames,
510 smb_fname,
511 &dirpath,
512 &start);
513 errno = saved_errno;
514 if (!NT_STATUS_IS_OK(status)) {
515 goto fail;
516 }
517 }
518
519 /*
520 * A special case - if we don't have any wildcards or mangling chars and are case
521 * sensitive or the underlying filesystem is case insensitive then searching
522 * won't help.
523 */
524
525 if ((conn->case_sensitive || !(conn->fs_capabilities &
526 FILE_CASE_SENSITIVE_SEARCH)) &&
527 !mangle_is_mangled(smb_fname->base_name, conn->params)) {
528
529 status = check_for_dot_component(smb_fname);
530 if (!NT_STATUS_IS_OK(status)) {
531 goto fail;
532 }
533
534 /*
535 * The stat failed. Could be ok as it could be
536 * a new file.
537 */
538
539 if (errno == ENOTDIR || errno == ELOOP) {
540 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
541 goto fail;
542 } else if (errno == ENOENT) {
543 /*
544 * Was it a missing last component ?
545 * or a missing intermediate component ?
546 */
547 struct smb_filename parent_fname;
548 const char *last_component = NULL;
549
550 ZERO_STRUCT(parent_fname);
551 if (!parent_dirname(ctx, smb_fname->base_name,
552 &parent_fname.base_name,
553 &last_component)) {
554 status = NT_STATUS_NO_MEMORY;
555 goto fail;
556 }
557 if (posix_pathnames) {
558 ret = SMB_VFS_LSTAT(conn, &parent_fname);
559 } else {
560 ret = SMB_VFS_STAT(conn, &parent_fname);
561 }
562 if (ret == -1) {
563 if (errno == ENOTDIR ||
564 errno == ENOENT ||
565 errno == ELOOP) {
566 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
567 goto fail;
568 }
569 }
570
571 /*
572 * Missing last component is ok - new file.
573 * Also deal with permission denied elsewhere.
574 * Just drop out to done.
575 */
576 goto done;
577 }
578 }
579 } else {
580 /*
581 * We have a wildcard in the pathname.
582 *
583 * Optimization for common case where the wildcard
584 * is in the last component and the client already
585 * sent the correct case.
586 * NOTE : check_parent_exists() doesn't preserve errno.
587 */
588 int saved_errno = errno;
589 status = check_parent_exists(ctx,
590 conn,
591 posix_pathnames,
592 smb_fname,
593 &dirpath,
594 &start);
595 errno = saved_errno;
596 if (!NT_STATUS_IS_OK(status)) {
597 goto fail;
598 }
599 }
600
601 /*
602 * is_mangled() was changed to look at an entire pathname, not
603 * just a component. JRA.
604 */
605
606 if (mangle_is_mangled(start, conn->params)) {
607 component_was_mangled = True;
608 }
609
610 /*
611 * Now we need to recursively match the name against the real
612 * directory structure.
613 */
614
615 /*
616 * Match each part of the path name separately, trying the names
617 * as is first, then trying to scan the directory for matching names.
618 */
619
620 for (; start ; start = (end?end+1:(char *)NULL)) {
621 /*
622 * Pinpoint the end of this section of the filename.
623 */
624 /* mb safe. '/' can't be in any encoded char. */
625 end = strchr(start, '/');
626
627 /*
628 * Chop the name at this point.
629 */
630 if (end) {
631 *end = 0;
632 }
633
634 if (save_last_component) {
635 TALLOC_FREE(smb_fname->original_lcomp);
636 smb_fname->original_lcomp = talloc_strdup(smb_fname,
637 end ? end + 1 : start);
638 if (!smb_fname->original_lcomp) {
639 DEBUG(0, ("talloc failed\n"));
640 status = NT_STATUS_NO_MEMORY;
641 goto err;
642 }
643 }
644
645 /* The name cannot have a component of "." */
646
647 if (ISDOT(start)) {
648 if (!end) {
649 /* Error code at the end of a pathname. */
650 status = NT_STATUS_OBJECT_NAME_INVALID;
651 } else {
652 status = determine_path_error(end+1,
653 allow_wcard_last_component,
654 posix_pathnames);
655 }
656 goto fail;
657 }
658
659 /* The name cannot have a wildcard if it's not
660 the last component. */
661
662 if (!posix_pathnames) {
663 name_has_wildcard = ms_has_wild(start);
664 }
665
666 /* Wildcards never valid within a pathname. */
667 if (name_has_wildcard && end) {
668 status = NT_STATUS_OBJECT_NAME_INVALID;
669 goto fail;
670 }
671
672 /* Skip the stat call if it's a wildcard end. */
673 if (name_has_wildcard) {
674 DEBUG(5,("Wildcard %s\n",start));
675 goto done;
676 }
677
678 /*
679 * Check if the name exists up to this point.
680 */
681
682 if (posix_pathnames) {
683 ret = SMB_VFS_LSTAT(conn, smb_fname);
684 } else {
685 ret = SMB_VFS_STAT(conn, smb_fname);
686 }
687
688 if (ret == 0) {
689 /*
690 * It exists. it must either be a directory or this must
691 * be the last part of the path for it to be OK.
692 */
693 if (end && !S_ISDIR(smb_fname->st.st_ex_mode)) {
694 /*
695 * An intermediate part of the name isn't
696 * a directory.
697 */
698 DEBUG(5,("Not a dir %s\n",start));
699 *end = '/';
700 /*
701 * We need to return the fact that the
702 * intermediate name resolution failed. This
703 * is used to return an error of ERRbadpath
704 * rather than ERRbadfile. Some Windows
705 * applications depend on the difference between
706 * these two errors.
707 */
708 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
709 goto fail;
710 }
711
712 } else {
713 char *found_name = NULL;
714
715 /* Stat failed - ensure we don't use it. */
716 SET_STAT_INVALID(smb_fname->st);
717
718 /*
719 * Reset errno so we can detect
720 * directory open errors.
721 */
722 errno = 0;
723
724 /*
725 * Try to find this part of the path in the directory.
726 */
727
728 if (name_has_wildcard ||
729 (get_real_filename(conn, dirpath, start,
730 talloc_tos(),
731 &found_name) == -1)) {
732 char *unmangled;
733
734 if (end) {
735 /*
736 * An intermediate part of the name
737 * can't be found.
738 */
739 DEBUG(5,("Intermediate not found %s\n",
740 start));
741 *end = '/';
742
743 /*
744 * We need to return the fact that the
745 * intermediate name resolution failed.
746 * This is used to return an error of
747 * ERRbadpath rather than ERRbadfile.
748 * Some Windows applications depend on
749 * the difference between these two
750 * errors.
751 */
752
753 /*
754 * ENOENT, ENOTDIR and ELOOP all map
755 * to NT_STATUS_OBJECT_PATH_NOT_FOUND
756 * in the filename walk.
757 */
758
759 if (errno == ENOENT ||
760 errno == ENOTDIR ||
761 errno == ELOOP) {
762 status =
763 NT_STATUS_OBJECT_PATH_NOT_FOUND;
764 }
765 else {
766 status =
767 map_nt_error_from_unix(errno);
768 }
769 goto fail;
770 }
771
772 /*
773 * ENOENT/EACCESS are the only valid errors
774 * here.
775 */
776
777 if (errno == EACCES) {
778 if ((ucf_flags & UCF_PREP_CREATEFILE) == 0) {
779 status = NT_STATUS_ACCESS_DENIED;
780 goto fail;
781 } else {
782 /*
783 * This is the dropbox
784 * behaviour. A dropbox is a
785 * directory with only -wx
786 * permissions, so
787 * get_real_filename fails
788 * with EACCESS, it needs to
789 * list the directory. We
790 * nevertheless want to allow
791 * users creating a file.
792 */
793 errno = 0;
794 }
795 }
796
797 if ((errno != 0) && (errno != ENOENT)) {
798 /*
799 * ENOTDIR and ELOOP both map to
800 * NT_STATUS_OBJECT_PATH_NOT_FOUND
801 * in the filename walk.
802 */
803 if (errno == ENOTDIR ||
804 errno == ELOOP) {
805 status =
806 NT_STATUS_OBJECT_PATH_NOT_FOUND;
807 } else {
808 status =
809 map_nt_error_from_unix(errno);
810 }
811 goto fail;
812 }
813
814 /*
815 * Just the last part of the name doesn't exist.
816 * We need to strupper() or strlower() it as
817 * this conversion may be used for file creation
818 * purposes. Fix inspired by
819 * Thomas Neumann <t.neumann@iku-ag.de>.
820 */
821 if (!conn->case_preserve ||
822 (mangle_is_8_3(start, False,
823 conn->params) &&
824 !conn->short_case_preserve)) {
825 if (!strnorm(start,
826 lp_default_case(SNUM(conn)))) {
827 DEBUG(0, ("strnorm %s failed\n",
828 start));
829 status = NT_STATUS_INVALID_PARAMETER;
830 goto err;
831 }
832 }
833
834 /*
835 * check on the mangled stack to see if we can
836 * recover the base of the filename.
837 */
838
839 if (mangle_is_mangled(start, conn->params)
840 && mangle_lookup_name_from_8_3(ctx,
841 start,
842 &unmangled,
843 conn->params)) {
844 char *tmp;
845 size_t start_ofs =
846 start - smb_fname->base_name;
847
848 if (*dirpath != '\0') {
849 tmp = talloc_asprintf(
850 smb_fname, "%s/%s",
851 dirpath, unmangled);
852 TALLOC_FREE(unmangled);
853 }
854 else {
855 tmp = unmangled;
856 }
857 if (tmp == NULL) {
858 DEBUG(0, ("talloc failed\n"));
859 status = NT_STATUS_NO_MEMORY;
860 goto err;
861 }
862 TALLOC_FREE(smb_fname->base_name);
863 smb_fname->base_name = tmp;
864 start =
865 smb_fname->base_name + start_ofs;
866 end = start + strlen(start);
867 }
868
869 DEBUG(5,("New file %s\n",start));
870 goto done;
871 }
872
873
874 /*
875 * Restore the rest of the string. If the string was
876 * mangled the size may have changed.
877 */
878 if (end) {
879 char *tmp;
880 size_t start_ofs =
881 start - smb_fname->base_name;
882
883 if (*dirpath != '\0') {
884 tmp = talloc_asprintf(smb_fname,
885 "%s/%s/%s", dirpath,
886 found_name, end+1);
887 }
888 else {
889 tmp = talloc_asprintf(smb_fname,
890 "%s/%s", found_name,
891 end+1);
892 }
893 if (tmp == NULL) {
894 DEBUG(0, ("talloc_asprintf failed\n"));
895 status = NT_STATUS_NO_MEMORY;
896 goto err;
897 }
898 TALLOC_FREE(smb_fname->base_name);
899 smb_fname->base_name = tmp;
900 start = smb_fname->base_name + start_ofs;
901 end = start + strlen(found_name);
902 *end = '\0';
903 } else {
904 char *tmp;
905 size_t start_ofs =
906 start - smb_fname->base_name;
907
908 if (*dirpath != '\0') {
909 tmp = talloc_asprintf(smb_fname,
910 "%s/%s", dirpath,
911 found_name);
912 } else {
913 tmp = talloc_strdup(smb_fname,
914 found_name);
915 }
916 if (tmp == NULL) {
917 DEBUG(0, ("talloc failed\n"));
918 status = NT_STATUS_NO_MEMORY;
919 goto err;
920 }
921 TALLOC_FREE(smb_fname->base_name);
922 smb_fname->base_name = tmp;
923 start = smb_fname->base_name + start_ofs;
924
925 /*
926 * We just scanned for, and found the end of
927 * the path. We must return a valid stat struct
928 * if it exists. JRA.
929 */
930
931 if (posix_pathnames) {
932 ret = SMB_VFS_LSTAT(conn, smb_fname);
933 } else {
934 ret = SMB_VFS_STAT(conn, smb_fname);
935 }
936
937 if (ret != 0) {
938 SET_STAT_INVALID(smb_fname->st);
939 }
940 }
941
942 TALLOC_FREE(found_name);
943 } /* end else */
944
945 /*
946 * Add to the dirpath that we have resolved so far.
947 */
948
949 if (*dirpath != '\0') {
950 char *tmp = talloc_asprintf(ctx,
951 "%s/%s", dirpath, start);
952 if (!tmp) {
953 DEBUG(0, ("talloc_asprintf failed\n"));
954 status = NT_STATUS_NO_MEMORY;
955 goto err;
956 }
957 TALLOC_FREE(dirpath);
958 dirpath = tmp;
959 }
960 else {
961 TALLOC_FREE(dirpath);
962 if (!(dirpath = talloc_strdup(ctx,start))) {
963 DEBUG(0, ("talloc_strdup failed\n"));
964 status = NT_STATUS_NO_MEMORY;
965 goto err;
966 }
967 }
968
969 /*
970 * Cache the dirpath thus far. Don't cache a name with mangled
971 * or wildcard components as this can change the size.
972 */
973 if(!component_was_mangled && !name_has_wildcard) {
974 stat_cache_add(orig_path, dirpath,
975 conn->case_sensitive);
976 }
977
978 /*
979 * Restore the / that we wiped out earlier.
980 */
981 if (end) {
982 *end = '/';
983 }
984 }
985
986 /*
987 * Cache the full path. Don't cache a name with mangled or wildcard
988 * components as this can change the size.
989 */
990
991 if(!component_was_mangled && !name_has_wildcard) {
992 stat_cache_add(orig_path, smb_fname->base_name,
993 conn->case_sensitive);
994 }
995
996 /*
997 * The name has been resolved.
998 */
999
1000 DEBUG(5,("conversion finished %s -> %s\n", orig_path,
1001 smb_fname->base_name));
1002
1003 done:
1004 /* Add back the stream if one was stripped off originally. */
1005 if (stream != NULL) {
1006 smb_fname->stream_name = stream;
1007
1008 /* Check path now that the base_name has been converted. */
1009 status = build_stream_path(ctx, conn, smb_fname);
1010 if (!NT_STATUS_IS_OK(status)) {
1011 goto fail;
1012 }
1013 }
1014 TALLOC_FREE(dirpath);
1015 *smb_fname_out = smb_fname;
1016 return NT_STATUS_OK;
1017 fail:
1018 DEBUG(10, ("dirpath = [%s] start = [%s]\n", dirpath, start));
1019 if (dirpath && *dirpath != '\0') {
1020 smb_fname->base_name = talloc_asprintf(smb_fname, "%s/%s",
1021 dirpath, start);
1022 } else {
1023 smb_fname->base_name = talloc_strdup(smb_fname, start);
1024 }
1025 if (!smb_fname->base_name) {
1026 DEBUG(0, ("talloc_asprintf failed\n"));
1027 status = NT_STATUS_NO_MEMORY;
1028 goto err;
1029 }
1030
1031 *smb_fname_out = smb_fname;
1032 TALLOC_FREE(dirpath);
1033 return status;
1034 err:
1035 TALLOC_FREE(smb_fname);
1036 return status;
1037 }
1038
1039 /****************************************************************************
1040 Ensure a path is not vetoed.
1041 ****************************************************************************/
1042
1043 static NTSTATUS check_veto_path(connection_struct *conn, const char *name)
1044 {
1045 if (IS_VETO_PATH(conn, name)) {
1046 /* Is it not dot or dot dot. */
1047 if (!(ISDOT(name) || ISDOTDOT(name))) {
1048 DEBUG(5,("check_veto_path: file path name %s vetoed\n",
1049 name));
1050 return map_nt_error_from_unix(ENOENT);
1051 }
1052 }
1053 return NT_STATUS_OK;
1054 }
1055
1056 /****************************************************************************
1057 Check a filename - possibly calling check_reduced_name.
1058 This is called by every routine before it allows an operation on a filename.
1059 It does any final confirmation necessary to ensure that the filename is
1060 a valid one for the user to access.
1061 ****************************************************************************/
1062
1063 NTSTATUS check_name(connection_struct *conn, const char *name)
1064 {
1065 NTSTATUS status = check_veto_path(conn, name);
1066
1067 if (!NT_STATUS_IS_OK(status)) {
1068 return status;
1069 }
1070
1071 if (!lp_widelinks(SNUM(conn)) || !lp_follow_symlinks(SNUM(conn))) {
1072 status = check_reduced_name(conn,name);
1073 if (!NT_STATUS_IS_OK(status)) {
1074 DEBUG(5,("check_name: name %s failed with %s\n",name,
1075 nt_errstr(status)));
1076 return status;
1077 }
1078 }
1079
1080 return NT_STATUS_OK;
1081 }
1082
1083 /****************************************************************************
1084 Must be called as root. Creates the struct privilege_paths
1085 attached to the struct smb_request if this call is successful.
1086 ****************************************************************************/
1087
1088 static NTSTATUS check_name_with_privilege(connection_struct *conn,
1089 struct smb_request *smbreq,
1090 const char *name)
1091 {
1092 NTSTATUS status = check_veto_path(conn, name);
1093
1094 if (!NT_STATUS_IS_OK(status)) {
1095 return status;
1096 }
1097 return check_reduced_name_with_privilege(conn,
1098 name,
1099 smbreq);
1100 }
1101
1102 /****************************************************************************
1103 Check if two filenames are equal.
1104 This needs to be careful about whether we are case sensitive.
1105 ****************************************************************************/
1106
1107 static bool fname_equal(const char *name1, const char *name2,
1108 bool case_sensitive)
1109 {
1110 /* Normal filename handling */
1111 if (case_sensitive) {
1112 return(strcmp(name1,name2) == 0);
1113 }
1114
1115 return(strequal(name1,name2));
1116 }
1117
1118 /****************************************************************************
1119 Scan a directory to find a filename, matching without case sensitivity.
1120 If the name looks like a mangled name then try via the mangling functions
1121 ****************************************************************************/
1122
1123 static int get_real_filename_full_scan(connection_struct *conn,
1124 const char *path, const char *name,
1125 bool mangled,
1126 TALLOC_CTX *mem_ctx, char **found_name)
1127 {
1128 struct smb_Dir *cur_dir;
1129 const char *dname = NULL;
1130 char *talloced = NULL;
1131 char *unmangled_name = NULL;
1132 long curpos;
1133 struct smb_filename *smb_fname = NULL;
1134
1135 /* handle null paths */
1136 if ((path == NULL) || (*path == 0)) {
1137 path = ".";
1138 }
1139
1140 /* If we have a case-sensitive filesystem, it doesn't do us any
1141 * good to search for a name. If a case variation of the name was
1142 * there, then the original stat(2) would have found it.
1143 */
1144 if (!mangled && !(conn->fs_capabilities & FILE_CASE_SENSITIVE_SEARCH)) {
1145 errno = ENOENT;
1146 return -1;
1147 }
1148
1149 /*
1150 * The incoming name can be mangled, and if we de-mangle it
1151 * here it will not compare correctly against the filename (name2)
1152 * read from the directory and then mangled by the name_to_8_3()
1153 * call. We need to mangle both names or neither.
1154 * (JRA).
1155 *
1156 * Fix for bug found by Dina Fine. If in case sensitive mode then
1157 * the mangle cache is no good (3 letter extension could be wrong
1158 * case - so don't demangle in this case - leave as mangled and
1159 * allow the mangling of the directory entry read (which is done
1160 * case insensitively) to match instead. This will lead to more
1161 * false positive matches but we fail completely without it. JRA.
1162 */
1163
1164 if (mangled && !conn->case_sensitive) {
1165 mangled = !mangle_lookup_name_from_8_3(talloc_tos(), name,
1166 &unmangled_name,
1167 conn->params);
1168 if (!mangled) {
1169 /* Name is now unmangled. */
1170 name = unmangled_name;
1171 }
1172 }
1173
1174 smb_fname = synthetic_smb_fname(talloc_tos(),
1175 path,
1176 NULL,
1177 NULL,
1178 0);
1179 if (smb_fname == NULL) {
1180 TALLOC_FREE(unmangled_name);
1181 return -1;
1182 }
1183
1184 /* open the directory */
1185 if (!(cur_dir = OpenDir(talloc_tos(), conn, smb_fname, NULL, 0))) {
1186 DEBUG(3,("scan dir didn't open dir [%s]\n",path));
1187 TALLOC_FREE(unmangled_name);
1188 TALLOC_FREE(smb_fname);
1189 return -1;
1190 }
1191
1192 TALLOC_FREE(smb_fname);
1193
1194 /* now scan for matching names */
1195 curpos = 0;
1196 while ((dname = ReadDirName(cur_dir, &curpos, NULL, &talloced))) {
1197
1198 /* Is it dot or dot dot. */
1199 if (ISDOT(dname) || ISDOTDOT(dname)) {
1200 TALLOC_FREE(talloced);
1201 continue;
1202 }
1203
1204 /*
1205 * At this point dname is the unmangled name.
1206 * name is either mangled or not, depending on the state
1207 * of the "mangled" variable. JRA.
1208 */
1209
1210 /*
1211 * Check mangled name against mangled name, or unmangled name
1212 * against unmangled name.
1213 */
1214
1215 if ((mangled && mangled_equal(name,dname,conn->params)) ||
1216 fname_equal(name, dname, conn->case_sensitive)) {
1217 /* we've found the file, change it's name and return */
1218 *found_name = talloc_strdup(mem_ctx, dname);
1219 TALLOC_FREE(unmangled_name);
1220 TALLOC_FREE(cur_dir);
1221 if (!*found_name) {
1222 errno = ENOMEM;
1223 TALLOC_FREE(talloced);
1224 return -1;
1225 }
1226 TALLOC_FREE(talloced);
1227 return 0;
1228 }
1229 TALLOC_FREE(talloced);
1230 }
1231
1232 TALLOC_FREE(unmangled_name);
1233 TALLOC_FREE(cur_dir);
1234 errno = ENOENT;
1235 return -1;
1236 }
1237
1238 /****************************************************************************
1239 Wrapper around the vfs get_real_filename and the full directory scan
1240 fallback.
1241 ****************************************************************************/
1242
1243 int get_real_filename(connection_struct *conn, const char *path,
1244 const char *name, TALLOC_CTX *mem_ctx,
1245 char **found_name)
1246 {
1247 int ret;
1248 bool mangled;
1249
1250 mangled = mangle_is_mangled(name, conn->params);
1251
1252 if (mangled) {
1253 return get_real_filename_full_scan(conn, path, name, mangled,
1254 mem_ctx, found_name);
1255 }
1256
1257 /* Try the vfs first to take advantage of case-insensitive stat. */
1258 ret = SMB_VFS_GET_REAL_FILENAME(conn, path, name, mem_ctx, found_name);
1259
1260 /*
1261 * If the case-insensitive stat was successful, or returned an error
1262 * other than EOPNOTSUPP then there is no need to fall back on the
1263 * full directory scan.
1264 */
1265 if (ret == 0 || (ret == -1 && errno != EOPNOTSUPP)) {
1266 return ret;
1267 }
1268
1269 return get_real_filename_full_scan(conn, path, name, mangled, mem_ctx,
1270 found_name);
1271 }
1272
1273 static NTSTATUS build_stream_path(TALLOC_CTX *mem_ctx,
1274 connection_struct *conn,
1275 struct smb_filename *smb_fname)
1276 {
1277 NTSTATUS status;
1278 unsigned int i, num_streams = 0;
1279 struct stream_struct *streams = NULL;
1280
1281 if (SMB_VFS_STAT(conn, smb_fname) == 0) {
1282 DEBUG(10, ("'%s' exists\n", smb_fname_str_dbg(smb_fname)));
1283 return NT_STATUS_OK;
1284 }
1285
1286 if (errno != ENOENT) {
1287 DEBUG(10, ("vfs_stat failed: %s\n", strerror(errno)));
1288 status = map_nt_error_from_unix(errno);
1289 goto fail;
1290 }
1291
1292 /* Fall back to a case-insensitive scan of all streams on the file. */
1293 status = vfs_streaminfo(conn, NULL, smb_fname, mem_ctx,
1294 &num_streams, &streams);
1295
1296 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1297 SET_STAT_INVALID(smb_fname->st);
1298 return NT_STATUS_OK;
1299 }
1300
1301 if (!NT_STATUS_IS_OK(status)) {
1302 DEBUG(10, ("vfs_streaminfo failed: %s\n", nt_errstr(status)));
1303 goto fail;
1304 }
1305
1306 for (i=0; i<num_streams; i++) {
1307 DEBUG(10, ("comparing [%s] and [%s]: ",
1308 smb_fname->stream_name, streams[i].name));
1309 if (fname_equal(smb_fname->stream_name, streams[i].name,
1310 conn->case_sensitive)) {
1311 DEBUGADD(10, ("equal\n"));
1312 break;
1313 }
1314 DEBUGADD(10, ("not equal\n"));
1315 }
1316
1317 /* Couldn't find the stream. */
1318 if (i == num_streams) {
1319 SET_STAT_INVALID(smb_fname->st);
1320 TALLOC_FREE(streams);
1321 return NT_STATUS_OK;
1322 }
1323
1324 DEBUG(10, ("case insensitive stream. requested: %s, actual: %s\n",
1325 smb_fname->stream_name, streams[i].name));
1326
1327
1328 TALLOC_FREE(smb_fname->stream_name);
1329 smb_fname->stream_name = talloc_strdup(smb_fname, streams[i].name);
1330 if (smb_fname->stream_name == NULL) {
1331 status = NT_STATUS_NO_MEMORY;
1332 goto fail;
1333 }
1334
1335 SET_STAT_INVALID(smb_fname->st);
1336
1337 if (SMB_VFS_STAT(conn, smb_fname) == 0) {
1338 DEBUG(10, ("'%s' exists\n", smb_fname_str_dbg(smb_fname)));
1339 }
1340 status = NT_STATUS_OK;
1341 fail:
1342 TALLOC_FREE(streams);
1343 return status;
1344 }
1345
1346 /**
1347 * Go through all the steps to validate a filename.
1348 *
1349 * @param ctx talloc_ctx to allocate memory with.
1350 * @param conn connection struct for vfs calls.
1351 * @param dfs_path Whether this path requires dfs resolution.
1352 * @param smbreq SMB request if we're using privileges.
1353 * @param name_in The unconverted name.
1354 * @param ucf_flags flags to pass through to unix_convert().
1355 * UCF_ALWAYS_ALLOW_WCARD_LCOMP will be OR'd in if
1356 * p_cont_wcard != NULL and is true and
1357 * UCF_COND_ALLOW_WCARD_LCOMP.
1358 * @param p_cont_wcard If not NULL, will be set to true if the dfs path
1359 * resolution detects a wildcard.
1360 * @param pp_smb_fname The final converted name will be allocated if the
1361 * return is NT_STATUS_OK.
1362 *
1363 * @return NT_STATUS_OK if all operations completed succesfully, appropriate
1364 * error otherwise.
1365 */
1366 static NTSTATUS filename_convert_internal(TALLOC_CTX *ctx,
1367 connection_struct *conn,
1368 bool dfs_path,
1369 struct smb_request *smbreq,
1370 const char *name_in,
1371 uint32_t ucf_flags,
1372 bool *ppath_contains_wcard,
1373 struct smb_filename **pp_smb_fname)
1374 {
1375 NTSTATUS status;
1376 char *fname = NULL;
1377
1378 *pp_smb_fname = NULL;
1379
1380 status = resolve_dfspath_wcard(ctx, conn,
1381 dfs_path,
1382 name_in,
1383 ucf_flags,
1384 !conn->sconn->using_smb2,
1385 &fname,
1386 ppath_contains_wcard);
1387 if (!NT_STATUS_IS_OK(status)) {
1388 DEBUG(10,("filename_convert_internal: resolve_dfspath failed "
1389 "for name %s with %s\n",
1390 name_in,
1391 nt_errstr(status) ));
1392 return status;
1393 }
1394
1395 if (is_fake_file_path(name_in)) {
1396 SMB_STRUCT_STAT st;
1397 ZERO_STRUCT(st);
1398 st.st_ex_nlink = 1;
1399 *pp_smb_fname = synthetic_smb_fname_split(ctx,
1400 name_in,
1401 (ucf_flags & UCF_POSIX_PATHNAMES));
1402 if (*pp_smb_fname == NULL) {
1403 return NT_STATUS_NO_MEMORY;
1404 }
1405 (*pp_smb_fname)->st = st;
1406 return NT_STATUS_OK;
1407 }
1408
1409 /*
1410 * If the caller conditionally allows wildcard lookups, only add the
1411 * always allow if the path actually does contain a wildcard.
1412 */
1413 if (ucf_flags & UCF_COND_ALLOW_WCARD_LCOMP &&
1414 ppath_contains_wcard != NULL && *ppath_contains_wcard) {
1415 ucf_flags |= UCF_ALWAYS_ALLOW_WCARD_LCOMP;
1416 }
1417
1418 status = unix_convert(ctx, conn, fname, pp_smb_fname, ucf_flags);
1419 if (!NT_STATUS_IS_OK(status)) {
1420 DEBUG(10,("filename_convert_internal: unix_convert failed "
1421 "for name %s with %s\n",
1422 fname,
1423 nt_errstr(status) ));
1424 return status;
1425 }
1426
1427 if ((ucf_flags & UCF_UNIX_NAME_LOOKUP) &&
1428 VALID_STAT((*pp_smb_fname)->st) &&
1429 S_ISLNK((*pp_smb_fname)->st.st_ex_mode)) {
1430 return check_veto_path(conn, (*pp_smb_fname)->base_name);
1431 }
1432
1433 if (!smbreq) {
1434 status = check_name(conn, (*pp_smb_fname)->base_name);
1435 } else {
1436 status = check_name_with_privilege(conn, smbreq, (*pp_smb_fname)->base_name);
1437 }
1438 if (!NT_STATUS_IS_OK(status)) {
1439 DEBUG(3,("filename_convert_internal: check_name failed "
1440 "for name %s with %s\n",
1441 smb_fname_str_dbg(*pp_smb_fname),
1442 nt_errstr(status) ));
1443 TALLOC_FREE(*pp_smb_fname);
1444 return status;
1445 }
1446
1447 return status;
1448 }
1449
1450 /*
1451 * Go through all the steps to validate a filename.
1452 * Non-root version.
1453 */
1454
1455 NTSTATUS filename_convert(TALLOC_CTX *ctx,
1456 connection_struct *conn,
1457 bool dfs_path,
1458 const char *name_in,
1459 uint32_t ucf_flags,
1460 bool *ppath_contains_wcard,
1461 struct smb_filename **pp_smb_fname)
1462 {
1463 return filename_convert_internal(ctx,
1464 conn,
1465 dfs_path,
1466 NULL,
1467 name_in,
1468 ucf_flags,
1469 ppath_contains_wcard,
1470 pp_smb_fname);
1471 }
1472
1473 /*
1474 * Go through all the steps to validate a filename.
1475 * root (privileged) version.
1476 */
1477
1478 NTSTATUS filename_convert_with_privilege(TALLOC_CTX *ctx,
1479 connection_struct *conn,
1480 struct smb_request *smbreq,
1481 const char *name_in,
1482 uint32_t ucf_flags,
1483 bool *ppath_contains_wcard,
1484 struct smb_filename **pp_smb_fname)
1485 {
1486 return filename_convert_internal(ctx,
1487 conn,
1488 smbreq->flags2 & FLAGS2_DFS_PATHNAMES,
1489 smbreq,
1490 name_in,
1491 ucf_flags,
1492 ppath_contains_wcard,
1493 pp_smb_fname);
1494 }
Samba GIT mirror